GCHQ places job ad for white hat hackers, for attack as well as defence

Applicants will have their character, family history—and conscience—vetted.

For the first time, the UK's GCHQ is openly recruiting "Computer Network Operations Specialists" (CNOS)—white hat hackers—and a lot of them. A GCHQ spokesperson told Ars: "We are looking to recruit at least 80 people as Computer Network Operations Specialists, from internal and external sources, in this financial year. This is an expansion."

The job involves both "cyber security and cyber intelligence roles." According to GCHQ, "cyber security" involves "detecting and preventing attempts to attack the critical national infrastructure, or seeking to defend government systems against criminals seeking to steal information, identities or money." The CNOS role can involve attack as well as defence. "Cyber intelligence" includes developing "software to access the computers of a terrorist group, or carry out operations to retrieve vital online clues about the location and identity of members of an organised crime ring."

Applicants must be "committed and responsible individuals," and have "complex coding and problem-solving skills." GCHQ's spokesperson explained: "we're looking for people who have that spark of something extra: pushing their coding skills to the limit by tackling hard problems like contributing to open source projects or coding for games or technical work."

As GCHQ's page on recruitment makes clear, there are a number of stringent requirements that must be met as part of a formal vetting process. This involves checks into "your character, family history and personal circumstances," and can take up to nine months. Not only must you be a British citizen, but at least one of your parents must also either be a British citizen, or have "substantial ties" to the UK.

Obstacles to recruitment include drug use, other addictions, a psychotic illness or bankruptcy. One curious aspect of the vetting process is the following: "we’ll look into your background to assess your risk of being put in a compromising position due to conscience," which almost seems to suggest that having a conscience might be a problem.

The GCHQ page about the white hat hacker recruitment drive touches on this ethical aspect when it writes: "Strict legal controls, safeguards and requirements apply to all GCHQ’s activities, which can only be carried out for the statutory purposes and in support of the national security priorities that are set by ministers." However, as we know from a recent ruling by the Investigatory Powers Tribunal, the body that investigates complaints against GCHQ, those legal controls have not been strictly followed at all times.

Moreover, the stream of leaked documents from Edward Snowden reveal a wide range of activities by GCHQ that are hard to square with the idea that there are "strict legal controls," although that doesn't seem to have affected GCHQ recruitment either way. "We haven't found a change in appetite for technical jobs in GCHQ over the past few years," the spokeperson said. "We're hoping that recruiting openly for these roles will attract some capable candidates who hadn't previously considered working for us, or who didn't realise that they had the skills we're looking for." On offer is "tailored training" and a starting salary of £27,913 (~$44,000). Closing date for applications is 8 June.

Promoted Comments

This is ultimately a civil servant position, I think? And I don't think they tend to be paid very well in the UK.

Yeah, these are public sector positions. Public sector salaries have been squeezed/frozen since 2007, but £27k is very low for someone with this level of skill set already. This is a graduate-second job level salary, and Cheltenham isn't a low-cost area to live in. (It's a lovely town though, and i'd thoroughly recommend a visit)

I expect the GCHQ HR team have somewhat underestimated what they need to pay, unless they're looking to attract some .NET developers and train them up afterward.

10 Reader Comments

The pay is absolute peanuts compared to what someone in security can easily earn in the private sector. Heck, I'll be making a lot more than that in my new entry-level graduate job and I don't have to go through extensive vetting for it either.

The pay is absolute peanuts compared to what someone in security can easily earn in the private sector. Heck, I'll be making a lot more than that in my new entry-level graduate job and I don't have to go through extensive vetting for it either.

The pay is absolute peanuts compared to what someone in security can easily earn in the private sector. Heck, I'll be making a lot more than that in my new entry-level graduate job and I don't have to go through extensive vetting for it either.

This is ultimately a civil servant position, I think? And I don't think they tend to be paid very well in the UK.

This is ultimately a civil servant position, I think? And I don't think they tend to be paid very well in the UK.

Yeah, these are public sector positions. Public sector salaries have been squeezed/frozen since 2007, but £27k is very low for someone with this level of skill set already. This is a graduate-second job level salary, and Cheltenham isn't a low-cost area to live in. (It's a lovely town though, and i'd thoroughly recommend a visit)

I expect the GCHQ HR team have somewhat underestimated what they need to pay, unless they're looking to attract some .NET developers and train them up afterward.

The pay is absolute peanuts compared to what someone in security can easily earn in the private sector. Heck, I'll be making a lot more than that in my new entry-level graduate job and I don't have to go through extensive vetting for it either.

Interesting point.

Let's hope that those with real skills have either ethics and thus no interest in working for such an agency or at least want to be paid well so they have no interest in working for such an agency.

All of the spying organizations have clearly shown utter disregard for law or ethics and they definitely don't need highly skilled people to help them depart even more form either law or ethics.

The pay is absolute peanuts compared to what someone in security can easily earn in the private sector. Heck, I'll be making a lot more than that in my new entry-level graduate job and I don't have to go through extensive vetting for it either.

Yes, but by signing up you will also demonstrate that you are a true patriot. [/s]

The pay is absolute peanuts compared to what someone in security can easily earn in the private sector. Heck, I'll be making a lot more than that in my new entry-level graduate job and I don't have to go through extensive vetting for it either.

Yes, but by signing up you will also demonstrate that you are a true patriot. [/s]

Hardly. We know from Snowden that GCHQ works for a foreign power which probably doesn't have our country's best interests at heart (the US).

The pay is absolute peanuts compared to what someone in security can easily earn in the private sector. Heck, I'll be making a lot more than that in my new entry-level graduate job and I don't have to go through extensive vetting for it either.

Yes, but by signing up you will also demonstrate that you are a true patriot. [/s]